Advertisement

Quick Links

Table of Contents

D I S C L A I M E R S ....................................................................................................................... 5
R F E x p o s u r e C o m p l i a n c e .......................................................................................... 6
Caution .......................................................................................................................................... 6
General Safety ............................................................................................................................... 8
Vehicle Safety ................................................................................................................................ 9
Potentially Unsafe Areas .............................................................................................................. 9
Contact Information ................................................................................................................... 11
Technical ...................................................................................................................................... 11
Sales ............................................................................................................................................. 11
Revision History .......................................................................................................................... 12
Revision History .......................................................................................................................... 12
Introduction .................................................................................................................................. 13
Features and Benefits ................................................................................................................. 13
Router chart ................................................................................................................................ 15
Specifications .............................................................................................................................. 15
Installation Introduction ............................................................................................................ 20
Package Contents ........................................................................................................................ 20
Configuration and Management ............................................................................................. 26
Connection Steps ........................................................................................................................ 27
Status ............................................................................................................................................. 28
System Information .................................................................................................................... 28
LAN ............................................................................................................................................... 30
WAN and Bkup WAN .................................................................................................................. 34
Wireless ....................................................................................................................................... 38
Bandwidth ................................................................................................................................... 41
LAN & WAN Setup ...................................................................................................................... 42
LAN .............................................................................................................................................. 43
WAN............................................................................................................................................. 47
Keep Online Detection ............................................................................................................ 51
Additional WAN options ......................................................................................................... 53
Dual SIM Policy ........................................................................................................................ 54

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Quadmax MA-6060 and is the answer not in the manual?

Questions and answers

Summary of Contents for Maxon Quadmax MA-6060

  • Page 1: Table Of Contents

    Table of Contents D I S C L A I M E R S ........................5 R F E x p o s u r e C o m p l i a n c e ..................6 Caution ............................6 General Safety ..........................
  • Page 2 Optional Configuration ......................55 Services ............................55 Wi-Fi ............................... 61 Wi-Fi Basic ........................... 61 Wi-Fi Security ........................... 65 Captive Portal ..........................68 Advanced Feature ........................71 DDNS ............................71 PPTP VPN ............................. 74 L2TP VPN ............................. 77 OPENVPN ............................. 79 GRE ..............................
  • Page 3 Shell Commands ........................124 Firmware upgrade ........................125 Backup and Restore ........................126 Factory Default .......................... 126 Reboot ............................127...
  • Page 5: D I S C L A I M E R S

    D I S C L A I M E R S All data and information contained in or disclosed by this document are confidential and proprietary information of RF Industries, and all rights therein are expressly reserved. By accepting this material, the recipient agrees that this material and the information contained therein are held in confidence and in trust and will not be used, copied, reproduced in whole or in part, nor its contents revealed in any manner to others without the express written...
  • Page 6: R F E X P O S U R E C O M P L I A N C E

    ▪ Re-orient or relocate the receiving radio or TV antenna ▪ Increase the separation between the modem and the receiver ▪ Contact RF Industries Maxon Technical Support for assistance.
  • Page 7 Changes or modifications to the modem that are implemented without the express consent of RF Industries Pty. Ltd. void the product warranty and terminate the user’s authority to use the modem.
  • Page 8: General Safety

    General Safety RF Interference Issues: Avoid possible radio frequency (RF) interference by carefully following safety guidelines below: ▪ Switch OFF the modem when in an aircraft. The use of cellular devices in an aircraft is illegal. It may endanger the operation of the aircraft and/or disrupt the cellular network.
  • Page 9: Vehicle Safety

    NOTE: The product needs to be powered via a suitably-rated power source or the power supply provided. Otherwise, the safety-of-use of the modem cannot be guaranteed. Do not affix the modem in an area exposed to the elements where it may be susceptible to a lightning-strike hazard. Vehicle Safety ▪...
  • Page 10 Areas with a potentially explosive atmosphere are often but not always clearly marked. They include: ▪ Fuelling areas such as gas or petrol stations ▪ Below deck on boats ▪ Transfer or storage facilities for fuel or chemicals ▪ Vehicles using liquefied petroleum gas, such as propane or butane ▪...
  • Page 11: Contact Information

    Contact Information In keeping with Maxon's dedicated customer support policy, we encourage you to contact us. Technical Hours of Operation: Monday to Thursday 8.30am to 5.00pm* & Friday from 8:30am to 4:30pm Telephone: 1300 000 734 Facsimile: +61 2 96300844 Email: IOT.support@rfi.com.au...
  • Page 12: Revision History

    Revision History Product MA-6060 LTE Ethernet Router & wifi. Model MA-6060 Document Type Current Version Number Status of the Document Public Release Revision Date August 2018 Total Number of Pages Revision History Level Date History August 2018 Release Version September 2019 Minor changes to reflect firmware and web page layout changes.
  • Page 13: Introduction

    Introduction MA-6060 is LTE Ethernet modem router providing data communications via the public cellular network. The MA-6060 utilises an industrial 32-bit CPU with an embedded operating system. The device has four Ethernet ports and Wi-Fi that conveniently and transparently connect devices to a cellular network, allowing you to connect to your existing serial and Ethernet devices with minimal configuration.
  • Page 14 • Web-based device management, trouble-shooting, and FOTA update High-performance • FDD-LTE CAT6 – Band 28 Supported • Max.300 Mbps Download & Max. 50 Mbps Uplink • 6 Band DC-HSPA+ • Supports multiple WAN access methods, including static IP, DHCP- 4GPPPOE, 3G/HSPA/4G. •...
  • Page 15: Router Chart

    • Schedule Reboot, Schedule Online and Offline. Router chart Embedded Cellular DATA processing system Module Interface User interface Power RS232 10/100M 4 ports WIFI Indicator switch lights Specifications Cellular Specification Standard and Band Bandwidth power sensitivity MA-6060+ LTE WIFI ROUTER LTE FDD: 1(2100MHz), LTE FDD: Download <23dBm...
  • Page 16 UMTS: 1(2100MHz), 5(850MHz), 6(850MHz), DC-HSPA+: 8(900MHz), 9(1700MHz), Download speed Max. 19(800MHz) 42Mbps, Upload speed Max. 5.76Mbps HSPA+: Download speed Max. 21Mbps, Upload speed Max. 5.76Mbps HSDPA: Download speed Max. 7.2Mbps, HSUPA, Upload speed Max. 5.76Mbps WIFI Specification Item Content Standard IEEE802.11b/g/n (2.4GHz) and 802.11ac(5.8GHz) dual- band Wi-Fi Bandwidth...
  • Page 17 WPS (optional) TX power 20dBm(11n),24dBm(11g),26dBm(11b) RX sensitivity <-72dBm@54Mpbs Hardware System Item Content Industrial 32bits CPU FLASH 32MB (Extendable to 64MB) SDRAM 512MB Interface Type Item Content 1x 10/100 Mbps WAN port(RJ45), auto MDI/MDIX, 1.5KV magnetic isolation protection 4x 10/100 Mbps Ethernet ports(RJ45), auto MDI/MDIX, 1.5KV magnetic isolation protection "PWR", "SYS", "WIFI", "SIM", "Online”, “Signal"...
  • Page 18 protection Power 2PIN Terminal block reverse-voltage and over-voltage protection Reset Restore the router to its original factory default settings Power Input Item Content Standard DC 12V/1.5A Power Power Range DC 5~36V Consumption Standby 400~520mA mA@12VDC...
  • Page 19 Communication 480~720mA@12VDC Physical Characteristics Item Content Housing Iron, providing IP30 protection Dimensions 207x135x28 mm Weight 790g Environmental Limits Item Content Operating -35~+75ºC(-31~+167℉) Temperature Storage -40~+85ºC(-40~+185℉) Temperature Operating 95% (Non-condensing) Humidity...
  • Page 20: Installation Introduction

    Installation Introduction Important You should check the router configuration immediately after installation to ensure all settings are as desired. Failure to do so may result in unauthorized access to your equipment. Package Contents Name Quantity Remark Router Cellular antenna WIFI antenna Ethernet cable Console cable 2 PIN Phoenix connector...
  • Page 22 Antenna Installation Screw the SMA male connector of the cellular antenna(s) to the female SMA connector(s) of the Router with labels “ANT-1” and “ANT-2”. Screw the SMA reverse female connector of the WIFI antenna to the SMA reverse male connector of the router with label “WIFI”. Warning: Please ensure that the correct antennas are fitted to the correct place –...
  • Page 23 The pin connections of the RJ45-DB9F serial cable are as follows: RJ45 DB9F RS232 SIGNAL MODEM/ROUTER Output Output Output Output Common Input Input Input Power The input supply voltage range is 5~36VDC. We recommend using the standard DC 12VDC/1.5A power adaptor available from RFI. Indicator Lights Introduction The router provides following indicator lights: “PWR”...
  • Page 24 The table below shows the details of the LED functions: Indicator State Introduction Light Power Router is powered on Router is powered off System BLINK Router is up and working Router is not currently working (may be in the process of (re)booting!) Online Router has logged on network Router hasn’t logged on network...
  • Page 25 Reset Button The modems “Reset” button is used to restore the modem to its original factory default settings. To restore the router to factory default settings, the user needs to press the “Reset” button and hold it until all the modem indicator lights go off, the router will then restore its original factory default settings and restart automatically.
  • Page 26: Configuration And Management

    Configuration and Management MA-6060 is configured via a web interface. To access the MA-6060 web interface users will need a computer with a spare Ethernet LAN port. The LAN card configuration should have the Internet Protocol v4 enabled and set to obtain an IP Address and DNS server address automatically (“DHCP”...
  • Page 27: Connection Steps

    Connection Steps 1. Connect the Ethernet cable supplied (or a standard Ethernet cable) to the MA- 6060 router and your computer Ethernet LAN port and a “LAN” port on the MA- 6060 2. Computer will get an IP address from the MA-6060 DHCP range automatically. 3.
  • Page 28: Status

    Status System Information This page shows basic information of Router including hardware, firmware and network information. System Router Model: The RFI model code of the router (“MA-6060”) Firmware Version: The firmware version and build date of the currently installed firmware MAC Address: The LAN MAC address of Router (LAN bridge MAC) WAN IP: The current (main) WAN IP as assigned by carrier Backup WAN IP: The current backup WAN IP (if backup configured)
  • Page 29 Uptime: The amount of time since the router last (re)booted. Memory Status Total Available: Total available of RAM (that is, physical memory minus some reserve and the kernel code space) Free: Free memory, the router will reboot if free memory is less than 500kB Used: Used memory, total available memory minus free memory Buffers: Used memory for buffers, total available memory minus allocated memory...
  • Page 30: Lan

    This page shows router internal network details. The details include MAC Address, IP address, Subnet Mask, Gateway and local DNS. The page displays active LAN clients, status of DHCP server and details of DHCP clients connected to the LAN Interface. The Connected PPTP and L2TP clients and server details are also listed in this page (NOTE: VPN client/server status is only shown where that particular function is enabled).
  • Page 31 Host Name: host name of LAN client (“*” if client does not supply a name during DHCP negotiation) IP Address: IP address of the client MAC Address: MAC address of the client Conn. Count: count of connections from the client Ratio: what percentage of the maximum allowed connections to the router this device is using.
  • Page 32 Host Name: Host name of LAN client (or “*” if not supplied by client) IP Address: IP address of the client MAC Address: MAC address of the client Client Lease Time: Lease time for this IP Delete: Click to revoke the clients lease – this forces the device to re-negotiate its IP lease from the router.
  • Page 33 Connected L2TP clients This tab will only be displayed if L2TP client is configured under Advanced feature>L2TP VPN. This will provide information on client L2TP connections. Interface: The interface assigned by dial-up system User Name: User name of the client Remote Tunnel IP: Tunnel IP address of the remote server Remote IP: IP address of L2TP server the MA-6060 has connected to Delete: Click to disconnect from this server...
  • Page 34: Wan And Bkup Wan

    Connected PPTP Clients This tab will only be displayed if PPTP clients is configured under Advanced feature>PPTP VPN. This will provide connected PPTP clients. Interface: The interface assigned by dial-up system User Name: User name of the client Remote Tunnel IP: Tunnel IP address of the PPTP client Remote IP: IP address of remote PPTP client Delete: Click to delete PPTP client WAN and Bkup WAN...
  • Page 35 Connection Type: There are several connection types on Main WAN connection type. The configured connection type will show under Connection type. Connection Uptime: length of time this connection has been established; If not connected, displays “Not available” IP Address: IP address of MA-6060 WAN connection Subnet Mask: This display subnet mask of router WAN Gateway: This shows the default gateway of this WAN connection DNS1, DNS2, DNS3: DNS1/DNS2/DNS3 of router WAN...
  • Page 36 IMEI: The IMEI of the routers 3G/4G radio Network Provider: Carrier information from the WAN network LTE band: The band (frequency) in use by the LTE WAN LTE bw: Bandwidth available on LTE WAN LTE CA state: The “carrier aggregation” state LTE Scell band: The band (frequency) in use by the secondary cell during aggregation LTE Scell bw: Bandwidth available on secondary cell during aggregation...
  • Page 37 Total Traffic: flow from power-off last time until now statistics, download and upload direction Traffic by Month: bar graph of the selected month data traffic Previous Month: change graph to previous (ie, earlier) month Next Month: change graph to next (ie, later) month Backup: save traffic information to a file on your PC...
  • Page 38: Wireless

    Restore: restore traffic information from a file on your PC Delete: delete traffic information from the MA-6060 Wireless This page allows users to retrieve information on the Wi-Fi connection. Based on the Wi-Fi setup, various information is displayed in this page. MAC Address: MAC address of the WiFi interface of the modem/router WiFi: Display overall status ( “On”...
  • Page 39 Encryption-Interface wl0: Indicates Enable or disable encryption and encryption type. Received (RX): Received data packet count Transmitted (TX): Transmitted data packet count MAC Address: MAC address of wireless client Interface: Wi-Fi interface name used by wireless client Uptime: Connection uptime of wireless client TX Rate: Transmission bit-rate of wireless client RX Rate: Receive bit-rate of wireless client Signal: The signal strength of wireless client...
  • Page 40 Neighbour’s Wireless Network: Display other networks nearby SSID: The name of wireless network nearby Mode: Operating mode of wireless network nearby MAC Address: MAC address of the wireless nearby Channel: The channel of the wireless nearby RSSI: Signal strength of the wireless nearby Noise: The noise level of the wireless nearby Beacon: Signal beacon of the wireless nearby Open: The wireless nearby require authentication to gain access or not...
  • Page 41: Bandwidth

    Bandwidth This page displays the bandwidth information on LAN and WAN. Bandwidth Monitoring-LAN Graph horizontal axis: Time vertical axis: Speed rate Bandwidth Monitoring-WAN Graph horizontal axis: Time vertical axis: Speed rate...
  • Page 42: Lan & Wan Setup

    Bandwidth Monitoring-Wireless (W10) Graph horizontal axis: Time vertical axis: Speed rate LAN & WAN Setup LAN and WAN setup allow users to configure Local area network settings and Wide area network settings. When LAN tab is clicked, users will be able to configure Local IP address, Subnet Mask, Gateway and Local DNS along with DHCP settings and NTP client settings under LAN setup.
  • Page 43: Lan

    This page allows users to configure router internal address, gateway, subnet mask and local DNS as shown. Router IP Local IP Address: IP address of the routers LAN interface Subnet Mask: The subnet mask of the routers LAN interface Gateway: The default gateway address for LAN clients Local DNS: If you want to use nameservers attached to one of the MA-6060 LAN ports, enter the IP address of the server here.
  • Page 44 Network Address Server Settings (DHCP) The MA-6060 can act as a DHCP server for LAN and WLAN (WiFI) connected devices. It can also act as a DHCP forwarder where you are utilizing a central DHCP server for multiple sites (subnets). DHCP Type: select DHCP Server or DHCP Forwarder as appropriate When you select DHCP Forwarder, you will see input fields for the IP address of the remote DHCP server as below:...
  • Page 45 Client Lease Time: Leased time for IP address in minutes. After this amount of time, the client will need to acquire a new lease if it wishes to remain connected. Static DNS (1-3): If users wish to use their own DNS servers, users can enter their IP addresses here.
  • Page 46 Time Settings Select time zone of your location. To use local time, leave the checkmark in the box next to Use local time. NTP Client: Enable this feature to get the system time from NTP server Time Zone: Time zone options Summer Time (DST): Set it depends on users' location Server IP/Name: IP address of NTP server, up to 32 characters.
  • Page 47: Wan

    This WAN settings page configures the modems WAN network. Users can configure modem to get WAN IP address using various options mentioned below. Some Internet Service Providers (ISPs) will require users to enter specific information such as User Name, Password, IP Address, Default Gateway Address, or DNS IP Address.
  • Page 48 Wired WAN - Static WAN IP Address: IP address of the WAN interface Subnet Mask: subnet mask of the WAN interface Gateway: the default gateway address Static DNS1/DNS2/DNS3: upstream DNS server IP addresses Note that for use in your own internal network, your network administrator can supply these details.
  • Page 49 DHCP-4G This connection allows modem to connect to 4G network. Users are recommended to configure with correct APN, username, password and authentication type provided by their ISP. Username: Network username (if required) Password: Network password (if required) Network Provider Type: select your carrier to get the “standard” APN for that carrier, or select “Custom”...
  • Page 50 APN: Access Point Name, supplied by your carrier/SIM supplier. There are often several options, and these are unique to the carrier. Dialup No: The number to “dial” to get an internet connection from the network. Standard setting is normally fine. PIN Type: select based on if your SIM card has a PIN applied.
  • Page 51 PPPOE Fixed WAN IP: enable if you have a known static IP WAN IP Address: Where Fixed WAN IP is enabled, enter WAN IP here Fixed WAN GW Address: enable if you have a known static IP for the WAN default gateway.
  • Page 52: Keep Online Detection

    Keep Online Detection Keep Online This function is used to monitor your WAN connectivity so that “broken” connections can be re-established, or alternate connections established. Detection Method: None: do not monitor connectivity. Ping: Send ICMP Echo requests to the primary and backup detection server address Route: Detect connection with route method, when choose this method, users should also configure "Detection Interval", "Primary Detection Server IP"...
  • Page 53: Additional Wan Options

    Note: Both the primary and backup detection servers should be stable and reliable – if these servers fail to respond correctly in a timely manner, the modem will attempt to drop and re-establish the connection. During this time, no incoming or outgoing traffic can be send/received Note: The main and backup WAN detection servers have the route to their IP address bound to the specified link (main or backup).
  • Page 54: Dual Sim Policy

    Dual SIM Policy Main SIM Card: You can ONLY select SIM1! Switch To Backup When …: these options allow you to control when to use the backup SIM Switch Back To Main…: Switch back to main SIM option Initial Timeout: Time to switch back to main SIM Data Limit(Mb): data limit that when exceeded, switches back to main SIM...
  • Page 55: Optional Configuration

    Optional Configuration Router Name: set router name Host Name: the host name part of the FQDN of the MA-6060 Domain Name: the domain part of the FQDN of the MA-6060 MTU: Maximum (user) data size in packets sent. Usually “auto”, however depending on your ISP and/or local network settings, you may need to reduce this –...
  • Page 56 Additional DHCPd Options: some extra options users can set by entering them here – for advanced users. Static Leases: if users want to assign certain hosts a specific address then they can define them here. This is also the way to add hosts with a fixed address to the router's local DNS service (DNSmasq).
  • Page 57 DNSMasq DNSmasq is a local DNS server. It will resolve all host names known to the router from dhcp (dynamic and static) as well as forwarding and caching DNS entries from remote DNS servers. Local DNS enables DHCP clients on the LAN to resolve static and dynamic DHCP hostnames.
  • Page 58 DHCP server IP range: Dhcp-range=192.168.0.110,192.168.0.111,12h SNMP Location: Equipment location Contact: Contact this equipment management Name: Device name RO Community: SNMP RO community name, the default is public, Only to read. RW Community: SNMP RW community name, the default is private, Read-write permissions SSHD Enabling SSHd allows users to access a BASH shell on their router with an SSH...
  • Page 59 SSH TCP Forwarding: enable or disable to support the TCP forwarding (SSH tunnels) Password Login: allows login with the router password (username is admin) Port: port number for SSHd (default is 22) Authorized Keys: here users paste their public keys to enable key-based login (more secure than a simple password) System log Enable Syslogd to capture system messages.
  • Page 60 Console: the log information output to console port Web: the log information is available via the router webpage under “Administration” menu Remote Server: if choose net mode, users should input a syslog server’s IP Address (only visible if “Net” selected from “Syslog Out Mode”) Telnet Telnet: enable a telnet server to connect to the router with telnet.
  • Page 61: Wi-Fi

    Wi-Fi The MA-6060 WiFi is dual band, 2.4 and 5GHz. Each band is separately configurable as below Wi-Fi Basic Wireless Network “Enable” or “Disable” the Wi-Fi of the router.
  • Page 62 Wireless Mode • AP – access point: modem acts as WiFi “server” • Client – modem uses WiFi as WAN connection • Adhoc – use “peer-to-peer” mode (no AP) • Repeater – router connects to the same SSID as the one it broadcasts. This ‘extends”...
  • Page 63 Only supports the 802.11g standard wireless devices. NG-Mixed Support 802.11g, 802.11n wireless devices. N-only Only supports the 802.11g standard wireless devices. Wireless Network Name(SSID) The SSID is the network name shared among all devices in a wireless network. The SSID must be identical for all devices in the wireless network. It is case- sensitive and must not exceed 32 alphanumeric characters, which may be any keyboard character.
  • Page 64 of these (eg, channel 1,2 and 3 can’t use “lower”, as there are not channels 3 steps “below” these ones!) Wireless SSID Broadcast: Enable SSID is announced and advertised by the router Disable SSID is not advertised – you cannot “browse” this network to connect, you must know it exists.
  • Page 65: Wi-Fi Security

    AP Isolation This setting isolates wireless clients so that client-to-client access between different SSIDs is prohibited. Note: Please save the changes after changing any of the "Wireless Mode", "Wireless Network Mode", "wireless width", "broadband" options – failure to do so may result in you being unable to see all configuration options, and may also result in a misconfigured modem.
  • Page 66 WEP: This is a basic encryption algorithm that has known security issues – it is strongly recommended only use WEP if you have clients that can only support WEP (usually older, 802.11b-only clients). Authentication Type Open or shared key Default Transmit Key Select the key form Key 1 - Key 4 key.
  • Page 67 Encryption There are two levels of WEP encryption, 64-bit (40-bit) and 128-bit. To utilize WEP, select the desired encryption bit, and enter a passphrase or up to four WEP key in hexadecimal format. If you are using 64-bit (40-bit), then each key must consist of exactly 10 hexadecimal characters or 5 ASCII characters.
  • Page 68: Captive Portal

    WPA Enterprise/WPA2 Enterprise/WPA2 Enterprise Mixed: WPA Enterprise uses an external RADIUS server to perform user authentication. WPA Algorithms AES/TKIP/TPIP+AES. Radius AUTH Sever Address The IP address of the RADIUS server. Radius AUTH Server Port The RADIUS Port (default is 1812) Radius AUTH Shared Secret The shared secret from the RADIUS server。...
  • Page 69 While configuring a hotspot is beyond the scope of this document, the following screenshots show the available configuration for HOTSPOTSYSTEM and also for CHILLIHOTSPOT:...
  • Page 71: Advanced Feature

    IP address of the device changes. The MA-6060 router supports dynamic DNS updates, automatically updating the DNS server when the WAN interface IP address assignment changes. DDNS Service: The Maxon MA100-1010-4G router currently supports DynDNS, NO-IP and Custom based on the user.
  • Page 72 User Name: DDNS server username Password: DDNS server password Host Name: FQDN of the modem (modem name, eg modem.dyndns.org) Type: Select the appropriate value (list varies depending on the setting of “DDNS Service”) Wildcard: Support wildcard or not, the default is OFF. ON means *.host.3322.org is equal to host.3322.org Do not use external ip check: Enable or disable the function of 'do not use external ip check'...
  • Page 73 DDNS Status shows DDNS specific log information...
  • Page 74: Pptp Vpn

    VPN. PPTP Server Users can configure modem as PPTP server with the following setting. For more details information please contact Maxon Australia support team for application guides Broadcast support: Enable or disable broadcast support of PPTP server...
  • Page 75 Note: client IP must be in a different range compared to the IP assigned by router DHCP. The format of CHAP Secrets is user * password *. PPTP Client Users can configure modem as PPTP client with the following setting. For more details information please contact Maxon Australia support team for application guides...
  • Page 76 Server IP or DNS Name: PPTP server’s IP Address or DNS Name Remote Subnet: the network of the remote PPTP server Remote Subnet Mask: subnet mask of remote PPTP server MPPE Encryption: enable or disable Microsoft Point-to-Point Encryption。 MTU: maximum Transmission Unit MRU: maximum Receive Unit NAT: network Address Translation User Name: user name to login PPTP Server.
  • Page 77: L2Tp Vpn

    L2TP VPN Force MPPE Encryption: enable or disable force MPPE encryption of L2TP data Server IP: Input tunnel IP address of the router PPTP server interface – this must be on a different subnet to modem LAN Client IP(s): IP address assigns to the client, the format is xxx.xxx.xxx.xxx- xxx.xxx.xxx.xxx CHAP Secrets: User name and password of the client using L2TP service Note: Please ensure client IPs do not overlap with modem DHCP server IP range.
  • Page 78 L2TP Client Tunnel Name: user friendly name for your reference User Name: User name to login L2TP Server Password: Password to login L2TP Server Tunnel Authentication Password: a pre-shared authentication password Gateway (L2TP Server): L2TP server’s IP Address or DNS Name Remote Subnet: The network of remote L2TP server Remote Subnet Mask: Subnet mask of remote L2TP server MPPE Encryption: Enable or disable Microsoft Point-to-Point Encryption...
  • Page 79: Openvpn

    MRU: Maximum receive unit NAT: Network address translation Fixed IP: enable a fixed IP for this client Fixed IP Address: (when “Fixed IP” is enabled) the fixed IP to use. Require CHAP: Enable or disable support chap authentication protocol Refuse PAP: Enable or disable refuse to support the pap authentication Require Authentication: Enable or disable support authentication protocol OPENVPN Start Type: WAN UP----start after on-line, System----start when boot up...
  • Page 80 Netmask: netmask allowed by OPENVPN server Bridge (TAP): DHCP-Proxy mode: enable or disable DHCP-Proxy mode Pool start IP: pool start IP of the client allowed by OPENVPN server Pool end IP: pool end IP of the client allowed by OPENVPN server Gateway: the gateway of the client allowed by OPENVPN server Netmask: netmask of the client allowed by OPENVPN server Block DHCP across the tunnel: filter (drop) DHCP packets in the tunnel...
  • Page 81 Note: some ciphers are no longer considered “safe” – eg AES-128-CBC. Hash Algorithm: Hash algorithm provides a method of quick access to data, including SHA1,SHA256,SHA512,MD5 Note: some hash algorithms are no longer considered “safe” – eg SHA1 Advanced Options TLS Cipher: restrict TLS cipher choice to listed ciphers only Use LZO Compression: enable or disable use LZO compression for data transfer Redirect default Gateway: enable or disable redirect default gateway Allow Client to Client: enable or disable allow client to client...
  • Page 82 CCD-Dir DEFAULT file: Where you are using client config files, this is the default config to use when the CN is not listed in the CCD folder. Client connect script: the script to run when a client connects Static Key: When using a pre-shared key for authentication, put the key here PKCS12 Key: When using PKCS12 keys, put the key here These options are always available: Public Server Cert: The certificate the server is to use to identify itself...
  • Page 83 CA Cert: the certificate used to verify client certificates (this CA has signed client certs) Private Server Key: the key used by the server (key to “Public Server Cert”) DH PEM: Duffie-Hillman parameter file for the server certificate Additional Config: additional configurations of the server TLS Auth Key: if using TLS authentication headers, put the TLS Auth key here...
  • Page 84 Certificate Revoke List: You can add certificates that have been compromised here – they will be rejected even though they pass all other authentications.
  • Page 85 OPENVPN Client Server IP/Name: IP address or domain name of OPENVPN server to connect to Port: port that OPENVPN server is listening on Tunnel Device: TUN----Router mode, TAP----Bridge mode Tunnel Protocol: use UDP or TCP protocol for transport Encryption Cipher: Blowfish CBC,AES-128 CBC,AES-192 CBC,AES-256 CBC,AES-512 CBC Hash Algorithm: Hash algorithm provides a method of quick access to data, including SHA1, SHA256, SHA512, MD5...
  • Page 86 TLS Cipher: restrict the encryption algorithms used by TLS to the specified list. An empty list means no restrictions. Use LZO Compression: enable or disable use LZO compression for data transfer NAT: enable or disable NAT through function Bridge TAP to br0: enable or disable bridge TAP to br0 IP Address / Subnet Mask: the modems LAN subnet TUN MTU Setting: set MTU value of the tunnel MSS-Fix/Fragment across the tunnel: Force TCP MSS low enough to fit in...
  • Page 87 TLA Auth Key: when using TLS Authentication headers, put the TLS Auth key here Additional Config: extra configuration options otherwise not specified on the web page here Policy Based Routing: specify which hosts have traffic down the tunnel (source based routing TO the tunnel) – default is all traffic where the destination route points to the tunnel.
  • Page 88 IPSEC Global settings You can enable or disable NAT-T and set the debug level here. Connect Status and Control Show IPSEC policy and status of current router on IPSEC page. Name: the name of IPSEC connection Type: The type and function of current IPSEC connection Common name: local subnet, local address, opposite end address and opposite end subnet of current connection Status: connection status: closed, negotiating, establish:...
  • Page 89 Delete: to delete the connection, also will delete IPSEC if IPSEC has set up Edit: to edit the configure information of this connection, reload this connection to make the configuration effect after edit Reconnect: this action will remove current tunnel, and re-launch tunnel establish request Enable: when the connection is enable, it will launch tunnel establish request when the system reboot or reconnect, otherwise the connection will not do it...
  • Page 90 Local WAN Interface: local address of the tunnel Remote Host Address: IP/domain name of end opposite; this option disabled in server mode Local Subnet: CIDR of the modem LAN, i.e. 192.168.1.0/24 Remote Subnet: CIDR of server subnet, i.e.192.168.7.0/24 Local ID: tunnel local end identification, IP and domain name are available Remote ID: tunnel opposite end identification, IP and domain name are available Detection: Detect “dead”...
  • Page 91 Enable Advanced Settings: Enable to configure 1 and 2 phase information, otherwise it will automate negotiation according to opposite end IKE Encryption: IKE phase encryption mode IKE Integrity: IKE phase authentication algorithm IKE Group type: DH exchange algorithm IKE Lifetime: set IKE lifetime, current unit is hour, the default is 0 ESP Encryption: ESP encryption type ESP Integrity: ESP authentication algorithm ESP Key life: Set ESP key life, current unit is hour, the default is 0...
  • Page 93: Gre

    GRE (Generic Routing Encapsulation) protocol is a network layer protocol (such as IP and IPX) data packets are encapsulated, so these encapsulated data packets to another network layer protocol (IP)transmission. GRE Tunnel (tunnel) technology, Layer Two Tunnelling Protocol VPN (Virtual Private Network). GRE Tunnel: enable or disable ALL GRE tunnels Number Select the tunnel definition you want to view/edit Status Switch on/off individual GRE tunnels...
  • Page 94: Port Forwarding

    Peer Tunnel IP:The remote tunnel ip address Local Tunnel IP:The local tunnel ip address Local Netmask:Netmask of local network Keepalive:Enable or disable GRE Keepalive function Retry times:GRE keepalive detect fail retries Interval:The time interval of GRE keepalive packet sent Fail Action The action would be exec after keeping alive failed Click on “View GRE tunnels”...
  • Page 95: Port Range Forwarding

    Delete: check, then click “Apply Settings” to delete this entry. Num: (view only) the ordinal position in the list Application: Enter the name of the application in the field provided. Protocol: Chose the right protocol TCP, UDP or Both. Set this to what the application requires.
  • Page 96 applications. Specialized Internet applications are any applications that use Internet access to perform functions such as videoconferencing or online gaming. When users send this type of request to your network via the Internet, the router will forward those requests to the appropriate PC. Application: Enter the name of the application in the field provided.
  • Page 97: Dmz

    The DMZ (Demilitarized Zone) hosting feature allows one local user to be exposed to the Internet for use of a special-purpose service such as Internet gaming or videoconferencing. DMZ hosting forwards all the ports at the same time to one PC. The Port Forwarding feature is more secure because it only opens the ports you want to have opened, while DMZ hosting opens all the ports of one computer, exposing the computer so the Internet can see it.
  • Page 98 RP-PPPoEServer Daemon: enable or disable PPPoE server RP-PPPoEServer Options PPPOE Server Interface: PPPoE server interface to the outside, only to support the LAN port Client IP(s): IP range assigns to the PPPoE client in the format: xxx.xxx.xxx.xxx- Deflate Compression: Enable or disable Deflate Compression BSD Compression: Enable or disable BSD Compression LZS Stac Compression: Enable or disable LZS Stac Compression MPPC Compression: Enable or disable MPPC Compression...
  • Page 99 LCP Echo Failure: Timeout value for LCP echo response packets. Idle Time: Set idle time, idle time at the appropriate time to release the PPPoE Authentication: including local and Radius (Remote Authentication Dial In User) Local User Management(CHAP Secrets) User: Set PPPOE client's user name Password: Set PPPOE client's user password IP Address: Set PPPOE client's user IP address Enable: Enable or disable this setting...
  • Page 100: Advanced Networking

    Radius Shared Key: Transactions between the client and RADIUS accounting server are authenticated using a shared secret, which is never sent over the network. Advanced Networking Advanced Routing Operating Mode: Gateway and Router If the MA-6060 is acting as your primary gateway to the internet, select “gateway”, otherwise select “router”.
  • Page 101 Static Routing Select set number: the routing table entry number and name in brackets Route Name: naming rules makes your life easier! Metric: the “cost” of this route – lower numbers are preferred routes. Destination LAN NET: the new route destination address Subnet Mask: the subnet mask for the new route Gateway: IP address of the gateway device that forwards packets to the destination host or network.
  • Page 102: Mac Address Clone

    Mac address Clone Some ISPs lock service provision to a MAC address. By cloning the MAC address, you can insert the MA-6060 into the network path without needing to update your MAC address with your ISP. Clone MAC address can clone three parts: Clone LAN MAC, Clone WAN MAC, Clone Wireless MAC.
  • Page 103: Vlans

    VLANs VLAN’s allow users to specify which ports are “bridged” – that is, where broadcast traffic will be shared. This allows users to create separate subnets on each LAN port (or group of LAN ports). Note that although there are 15 VLAN’s available, there are only 5 ports (4 x LAN, 1 x WAN).
  • Page 104: Qos Basic

    QOS Basic Bandwidth management prioritizes the traffic on router. Interactive traffic (telephony, browsing, telnet, etc.) gets priority and bulk traffic (file transfer, P2P) gets low priority. The main goal is to allow both types to live side-by side without unimportant traffic disturbing more critical things. All of this is automatic. QoS allows control of the bandwidth allocation to different services, netmasks, MAC addresses and the four LAN ports.
  • Page 105: Qos Classify

    HTB Settings - Hierarchical Token Bucket, it is a faster replacement for the CBQ qdisc in Linux. HTB helps in controlling the use of the outbound bandwidth on a given link. HTB allows you to use one physical link to simulate several slower links and to send different kinds of traffic on different simulated links.
  • Page 106: Security

    Users may specify priority for all traffic from a given IP address or IP Range, protocol (TCP,UDP, ICMP or TCP/UDP), source port range and destination port range, and the priority (“band”) packets matching the specification will use. Check all values and click Save Settings to save settings. Click the Cancel changes button to cancel unsaved changes.
  • Page 107 enable the SPI firewall, users can use other firewall functions: filtering proxy, block WAN requests, etc. Additional Filters Filter Proxy: Wan proxy server may reduce the security of the gateway; Filtering Proxy will prevent access to any wan proxy server. Filter Cookies: Cookies are website of data stored on your computer.
  • Page 108 requests (“PING” requests). The default state of this feature is enabled, choose to disable to allow the router to respond to ping requests. Filter IDENT (Port 113): Enable this feature can prevent port 113 from being scanned from outside. Click the check box to enable the function otherwise disabled.
  • Page 109 Limit L2TP Server Access: When build a L2TP Server in the router, this feature limits the access from the WAN by L2TP, helping prevent nefarious users from a successful DoS attack. Log Management The router can keep logs of all incoming or outgoing traffic for your Internet connection.
  • Page 110: Wan Access

    Outgoing Log: To see a temporary log of the Router's most recent outgoing traffic, click the Outgoing Log button. Click the Save Settings button to save your changes. Click the Cancel Changes button to cancel unsaved changes. WAN Access Users can block or allow specific types of Internet applications. They can set specific PC-based Internet access policies.
  • Page 111 Two options in the default policy rules: "Filter" and "reject". If select "Deny”, modem will deny specific computers to access any Internet service at a particular time period. If you choose to "filter”, it will block specific computers to access the specific sites at a specific time.
  • Page 112 Website Blocking by URL Address: Users can block access to certain websites by entering their URL. Website Blocking by Keyword: You can block access to certain website by the keywords contained in their webpage set up Internet access policy 1. Select the policy number (1-10) in the drop-down menu.
  • Page 113 2. For this policy is enabled, click the radio button next to "Enable" 3. Enter a name in the Policy Name field. 4. Click the Edit List of PCs button. 5. On the List of PCs screen, specify PCs by IP address or MAC address. Enter the appropriate IP addresses into the IP fields.
  • Page 114: Url Filtering

    or directly to save the settings. If the strategy edited is the first, it will be automatically saved into the second, if not the first, keep the original number. Turn off the power of the router or reboot the router can cause a 2)...
  • Page 115 Enable Packet Filter: Enable or disable “packet filter” function Policy: The filter rule’s policy, you can choose the following options Discard the Following--Discard packets conform to the following rules, Accept all other packets (“black list”) Only Accept the Following-- Accept only the data packets conform to the following rules, discard all other packets (“white list”) Direction Input: packet from WAN to LAN...
  • Page 116: Serial Applications

    Destination IP: packet's destination IP address Note: "Source Port" ,"Destination Port" ,"Source IP" ,"Destination IP" could not be all empty ,you have to input at least one of these four parameters. Serial Applications The modems serial port is by default a “console” for the modem kernel. By enabling the serial application, you can assign this port to an application such as UDP to serial gateway, Modbus TCP device etc.
  • Page 117: Maxconnect

    It is a cloud based M2M management portal which allows you to access, monitor and control 3G/4G Maxon devices securely. With maXconnect you can access real-time data from your devices, monitor their status and location. Utilize complete functionality by controlling your devices anywhere, anytime.
  • Page 118: Digital I/O Configuration

    Digital I/O Configuration You can enable web- and SMS-based notification and control on this page. NOTE: When serial application is running and set to “Modbus TCP”, Modbus commands can read/write the digital I/O pins. See the Modbus section for more details. Digital IO: Enable or disable digital I/O...
  • Page 119: Administration

    SMS Message Input: for each input (1 and 2) enter the SMS message content to send when input goes high (“trigger high”) and low (“trigger low”) SMS Message Output (Relay): for each output, enter the SMS message content that needs to be sent to the router to set the output on (“trigger high”) or off (“trigger low”) Phone Number: Enter up to 6 (six) phone numbers to send status to / receive commands from.
  • Page 120 It is strongly recommended that users to change the factory default password of the router, all users who try to access the router's web port will be prompted for the router's password. Web Access This feature allows you to manage the router using either HTTP protocol or the HTTPS protocol.
  • Page 121 Remote Access: This feature allows users to manage the router from a remote location, via the Internet. To disable this feature, keep the default setting, Disable. To enable this feature select Enable and use the specified port (default is 8080) on your PC to remotely manage the router.
  • Page 122: Schedule Reboot & Shutdown

    Schedule Reboot & Shutdown Modem can be scheduled to reboot and shutdown on specific day and time. Users can schedule regular shutdown and reboot for the router. For date, based shutdown and reboot the Cron service must be activated. See Management for Cron activation. Users can schedule regular reboots of the router on regular intervals after XXX seconds, at a specific date time, each week or every day.
  • Page 123: Sms Settings

    Modem will send acknowledgement of SMS message. The phone numbers must be in International format only. Syntax Comment MA-6060.MAXON.WANIP To retrieve WAN IP MA-6060.MAXON.REBOOT To reboot modem DATMAX.MAXON.APN=” APN name To setup modem APN here” To retrieve modem’s signal strength MA-6060.MAXON.RSSI MA-6060.MAXON. USERNAME=” TO configure WAN username...
  • Page 124: Web Logs

    Username here” MA-6060.MAXON. PASSWORD=” TO configure WAN password Password here” Web logs Web logs display modem debugging logs. To get more details on debugging logs please enable console logs under Services. Shell Commands Run Command: Users can run BASH commands on the route via the web interface.
  • Page 125: Firmware Upgrade

    Custom Script Custom script is stored in /tmp/custom.sh file. Users can run it manually or use cron to run it on a schedule. Fill the text area with script's instructions (only one command by row) and click Save Custom Script. Firmware upgrade Firmware upgrade allows users to upgrade or downgrade firmware.
  • Page 126: Backup And Restore

    Backup and Restore Users can backup current configuration using Backup button and restore the settings using restore button. You should ensure that the modem/router is the same model number as the original, and that the firmware versions match. Factory Default Factory default settings allow user to revert setting to factory settings.
  • Page 127: Reboot

    Reboot This menu allows modem to perform soft reboot of the modem. In most cases, you should re-boot the router after making a configuration change – this ensures that the saved configuration is how you desire, so the router will come up from a power interruption for example, with the correct, working configuration.

Table of Contents